<?php
// update profile page (update user profile script)
//
// digiboard by digitalboom.org
// http://www.digitalboom.org
//
// Information Technology program
// Sirindhorn International Institute of Technology
// Thammasat University, Rangsit Campus
// http://www.siit.tu.ac.th
//
// authors: sea
// first created on: 2008 May 15
// last modified on: 2008 May 15
// last modified by: sea

include("settings/config.inc.php");
include("settings/accounts.inc.php");
include("settings/forum.inc.php");
include("lib/util.inc.php");
include("lib/users_function.inc.php");
include("lib/sh.inc.php");

extract($_POST);
extract($_GET);
?>
<html>
<head>
<title><?=$DGB["WEBBOARD_NAME"];?> / reset password</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?=$DGB["ENCODING"];?>">
<link rel="stylesheet" href="<?=$DGB["STYLESHEET"];?>" type="text/css">
</head>

<body bgcolor="#FFFFEE" >
<table class="pHead" width="100%" border=0 cellspacing=0 cellpadding=0>
 <tr valign="middle"> 
  <td><b><font color="#F8F8F8"><?=$DGB["WEBBOARD_NAME"];?> /
   </font><font color="#FFFFFF">Reset password for me please</font></b></td>
  </tr>
</table>

<? if ($DGB["ENABLE_LOGIN"] == true)  {
$db_link = dgb_db_connect();

$error_message = "";

// verify Username and password first
$query = "SELECT * FROM ".$DGB['DB_USERS_TABLE']." WHERE Username='$username' and Password = '$resetkey'";
$result = mysql_query($query, $db_link);
$num = mysql_num_rows($result);

// check duplicated Username ?
if ($num<=0) {
 $error_message .= "## Your reset key is not correct.";

//If the New Password and Confirm not match
}else if ( ($_POST[NewPassword])&& ($_POST[NewPassword]!=$_POST[ConfirmNewPassword]) ){
 $error_message.="##  Your New Password and Confirm New Password not match.";

//If the New Password exist.
}else if ($_POST[NewPassword]){
 $query = "UPDATE ".$DGB['DB_USERS_TABLE']." SET Password = '".md5($_POST[NewPassword])."' WHERE Username='".$_POST[username]."' and Password = '".$_POST[resetkey]."'";
 $result = mysql_query($query, $db_link);
 if ($result){
 	echo "<center>Your password is already set!, Please <b><a href='index.php'>login again</a></b>!</center>\n";
 	exit;
 }
}

if ($error_message) {
 $javatext = "<script language='JavaScript'>alert('Error Message :\\n$error_message');history.back();</Script>";
 echo $javatext;
 exit;
}
?>
<br>
<form name="form1" method="post" action="resetpassword.php">
<table width=500 border=0 cellspacing=0 cellpadding=1 align="center">
<tr> 
          <td colspan=3 class="pHead"><b><font color="#FFFFFF">&nbsp;Reset password for <?=$_GET[username]?></font></b></td>
</tr>
<tr> 
 <td bgcolor="#FFFFEE" colspan=3></td>
</tr>
<tr bgcolor="#FFFFEE">
 <td width=20>&nbsp;</td> 
 <td width=100>New Password</td>
 <td width=260>
  <input type="password" name="NewPassword" size=20 maxlength=50>
 </td>
</tr>
<tr bgcolor="#FFFFEE">
 <td>&nbsp;</td> 
          <td>&nbsp;</td>         <td>&nbsp; </td>
</tr>
<tr bgcolor="#FFFFEE">
 <td width=20>&nbsp;</td> 
 <td width=100>Confirm New Password</td>
 <td width=260> 
 <input type="password" name="ConfirmNewPassword" size=20 maxlength=50>
 </td>
</tr>
<tr bgcolor="#FFFFEE">
 <td>&nbsp;</td> 
          <td>&nbsp;</td>         <td>&nbsp; </td>
</tr>  
<tr bgcolor="#FFFFEE">
 <td>&nbsp;</td>
 <td>&nbsp;</td> 
 <td> 
  <input class="rfc_btn" type="submit" name="Submit" value="Submit">
  <input class="rfc_btn" type="reset" name="Submit2" value="Reset">
 </td>
</tr>
<input type="hidden" name="username" value="<?=$_GET[username]?>">
<input type="hidden" name="resetkey" value="<?=$_GET[resetkey]?>">
</form>
<? } else { ?>
<h2 align="center">Login system is currently disabled.</h2>
<? } ?>
</body>
</html>
